diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-14 23:16:43 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-14 23:16:43 +0100 |
commit | bef39b72834173e969efc6cee10145300a3af94c (patch) | |
tree | db967f3089ce21322d8a7beb1ae2badf67c82176 | |
parent | b05b3f32354f7fe9cefee74ea18020fd8069bc10 (diff) | |
download | fastd-bef39b72834173e969efc6cee10145300a3af94c.tar fastd-bef39b72834173e969efc6cee10145300a3af94c.zip |
Ensure sessions are invalidated before the nonce wraps
While it isn't realistic for the nonce to wrap in less than one hour, it's
better to check for this.
-rw-r--r-- | src/methods/common.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/methods/common.h b/src/methods/common.h index 0769a6c..6be32e9 100644 --- a/src/methods/common.h +++ b/src/methods/common.h @@ -51,6 +51,9 @@ bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_ static inline bool fastd_method_session_common_is_valid(fastd_context_t *ctx, const fastd_method_common_t *session) { + if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff && session->send_nonce[COMMON_NONCEBYTES-2] == 0xff) + return false; + return (timespec_after(&session->valid_till, &ctx->now)); } @@ -59,7 +62,13 @@ static inline bool fastd_method_session_common_is_initiator(const fastd_method_c } static inline bool fastd_method_session_common_want_refresh(fastd_context_t *ctx, const fastd_method_common_t *session) { - return fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after); + if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff) + return true; + + if (fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after)) + return true; + + return false; } static inline void fastd_method_session_common_superseded(fastd_context_t *ctx, fastd_method_common_t *session) { |